ADSL Server出现如下大量提示:/var/log/messages
Mar 19 16:36:43 ADSLserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:48:54:5b:0d:3f:08:00
Mar 19 16:36:43 ADSLserver kernel: martian source 192.168.6.255 from 192.168.6.2, on dev eth0
Mar 19 16:36:43 ADSLserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:48:54:5b:0d:3f:08:00
Mar 19 16:36:43 ADSLserver kernel: martian source 192.168.6.255 from 192.168.6.2, on dev eth0
Mar 19 16:36:43 ADSLserver kernel: ll header: ff:ff:ff:ff:ff:ff:00:48:54:5b:0d:3f:08:00
解决:
echo 0 >/proc/sys/net/ipv4/conf/eth0/rp_filter
原因:
22.4 战神攻击
如果tcpdump显示Linux服务器看起来没有对来自Windows/Mac客户端的数据包做出响应,那么可能没有禁用反向路径过滤(Reverse Path Filtering)。如果你在/var/log/messages里看到这样:
martian destination 127.0.0.1 from 192.168.0.222, dev ipsec0
martian source 192.168.0.200 from 192.168.0.222, on dev eth0
ll header: 00:00:00:00:00:00:00:40:33:2c:70:c8:08:00
那么你需要清空rp_filter。如果在/var/log/messages向回翻,你可以看到FreeS/WAN有这样的提示:
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0)
如是eth0设备,使用echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter可以快速修复这个问题。作为选择,你可以在/etc/sysctl.conf中添加net.ipv4.conf.default.rp_filter=0。
阅读(2490) | 评论(1) | 转发(0) |
